1 #!/usr/bin/env python
2 # GoodFET Client Library
3
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
5 #
6 # This code is being rewritten and refactored.  You've been warned!
7
8 import sys, time, string, cStringIO, struct, glob, serial, os, random;
9 import sqlite3;
10
11 from GoodFET import *;
12
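class GoodFETGlitch(GoodFET):
    """Glitch-characterisation driver built on the GoodFET client library.

    Sweeps glitch voltage and glitch timing against a target chip, reads a
    known marker byte back after every attempt, and records the per-point
    tallies in the ``glitches`` table of a local SQLite file.
    """

    def __init__(self, *args, **kargs):
        """Open glitch.db and make sure the results table exists.

        ``*args`` and ``**kargs`` are accepted but not used, and the GoodFET
        base initialiser is not called from here.
        """
        print("Initializing GoodFET Glitcher.")
        # Database connection and tables. The path is relative, so the file
        # is created in whatever directory the script is started from.
        self.db = sqlite3.connect("glitch.db")
        self.db.execute("create table if not exists glitches(time,vcc,gnd,trials,glitchcount,count,lock)")
        # Placeholder until setup() installs a real client object.
        self.client = 0

    def setup(self, arch="avr"):
        """Select the target client for *arch* through getClient()."""
        self.client = getClient(arch)

    def learn(self):
        """Run the first-pass sweep: unlocked chip, one trial per point.

        Covers voltages 0..0xFFF and lets scan() pick the upper time bound.
        """
        # Learning phase
        trials = 1
        lock = 0  # 1 locks, 0 unlocked
        vstart = 0
        vstop = 0xFFF  # Smaller range sometimes helps.
        tstart = 0
        tstop = -1  # <0 defaults to full range
        # scan() takes no step arguments; it always steps both axes by 1.
        self.scan(lock, trials, vstart, vstop, tstart, tstop)

    def scan(self, lock, trials=1, vstart=0, vstop=0xfff, tstart=0, tstop=-1):
        """Sweep every (voltage, time) pair in random order and log results.

        Args:
            lock: values above 0 lock the chip before the sweep starts.
            trials: glitch attempts per (voltage, time) point.
            vstart, vstop: half-open range of voltage values to try.
            tstart, tstop: half-open range of time values to try; a negative
                tstop is replaced by client.glitchstarttime().

        Rows are committed roughly every 1000 trials and once more when the
        sweep ends or is interrupted, so measured points are not lost.
        """
        client = self.client
        self.lock = lock
        client.serInit()
        if tstop < 0:
            # Really long; only use for initial investigation.
            tstop = client.glitchstarttime()
            print("-- Start takes %04i cycles." % tstop)
        client.start()
        client.erase()

        self.secret = 0x69

        # NOTE(review): there is no retry limit here; if the marker never
        # reads back, this loop does not terminate.
        while client.eeprompeek(0) != self.secret:
            print("-- Setting secret")
            client.start()

            # Erase, then store the marker at addresses 0 and 1 through
            # eeprompoke (the earlier comment said CODE memory, but the
            # calls made here are the EEPROM ones).
            client.erase()
            client.eeprompoke(0, self.secret)
            client.eeprompoke(1, self.secret)
            sys.stdout.flush()

        # Lock chip to unlock it later.
        if lock > 0:
            client.lock()

        # list() keeps the sequences shuffleable where range() is lazy.
        voltages = list(range(vstart, vstop, 1))
        times = list(range(tstart, tstop, 1))

        gnd = 0  # TODO, glitch GND.
        random.shuffle(voltages)
        random.shuffle(times)

        pending = 0  # Trials logged since the last commit.
        try:
            for vcc in voltages:
                # Named "delay" so the imported time module is not shadowed.
                for delay in times:
                    self.scanat(trials, vcc, gnd, delay)
                    sys.stdout.flush()
                    pending += trials
                    if pending > 1000:
                        pending = 0
                        self.db.commit()
        finally:
            # Flush the tail of the sweep, including after Ctrl-C or an error.
            self.db.commit()

    def scanat(self, trials, vcc, gnd, time):
        """Run *trials* glitch attempts at one point and insert one row.

        Relies on self.lock and self.secret, which scan() sets. After each
        attempt, address 0 is read: a read equal to the marker counts as a
        success; otherwise it counts as a glitch, except that on a locked
        chip reads of 0 and 0xFF are not counted at all.
        """
        client = self.client
        client.glitchRate(time)
        client.glitchVoltages(gnd, vcc)  # drop voltage target
        gcount = 0
        scount = 0
        locked = self.lock > 0
        print("-- (%i,%i)" % (time, vcc))
        sys.stdout.flush()
        for _ in range(trials):
            client.glitchstart()

            # Try to read *0, which is secret if read works.
            a = client.eeprompeek(0x0)
            if a == self.secret:
                if locked:
                    print("-- %04x: %02x HELL YEAH! " % (time, a))
                scount += 1
            elif not locked or a not in (0, 0xFF):
                gcount += 1
        print("values (%i,%i,%i,%i,%i);" % (
            time, vcc, gnd, gcount, scount))
        # Bound parameters instead of %-formatting the SQL text.
        self.db.execute(
            "insert into glitches(time,vcc,gnd,trials,glitchcount,count,lock) "
            "values (?,?,?,?,?,?,?);",
            (time, vcc, gnd, trials, gcount, scount, self.lock))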